Prism/Scripting

Important: The information on this page is out of date. Please refer to the Prism documentation [1] on the Mozilla Developer Center.

Prism allows for some client-side web application customization. The web application bundle is allowed to hold a JavaScript file named webapp.js (called the webapp script). This file will be loaded into the Prism chrome window very much like a Firefox extension is loaded into the browser chrome window.

Prism exposes a simple HostUI object to the webapp script. The HostUI object exposes some utility functions that may be useful to the webapp script. The interface is shown below:

Currently, the webapp script also has access to full XPCOM functionality, just like a Firefox extension. This level of functionality is commonly called chrome-level privileges. It means that the script has a higher level of privilege than scripts in the web content and has access to the file system, clipboard and other parts of the native OS.

In the future, the webapp script may have lower privileges. We are looking into the security aspects of the higher privilege level.